4,156 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
On the Termination Problem for Probabilistic Higher-Order Recursive Programs
In the last two decades, there has been much progress on model checking of
both probabilistic systems and higher-order programs. In spite of the emergence
of higher-order probabilistic programming languages, not much has been done to
combine those two approaches. In this paper, we initiate a study on the
probabilistic higher-order model checking problem, by giving some first
theoretical and experimental results. As a first step towards our goal, we
introduce PHORS, a probabilistic extension of higher-order recursion schemes
(HORS), as a model of probabilistic higher-order programs. The model of PHORS
may alternatively be viewed as a higher-order extension of recursive Markov
chains. We then investigate the probabilistic termination problem -- or,
equivalently, the probabilistic reachability problem. We prove that almost sure
termination of order-2 PHORS is undecidable. We also provide a fixpoint
characterization of the termination probability of PHORS, and develop a sound
(but possibly incomplete) procedure for approximately computing the termination
probability. We have implemented the procedure for order-2 PHORSs, and
confirmed that the procedure works well through preliminary experiments that
are reported at the end of the article
Pruning, Pushdown Exception-Flow Analysis
Statically reasoning in the presence of exceptions and about the effects of
exceptions is challenging: exception-flows are mutually determined by
traditional control-flow and points-to analyses. We tackle the challenge of
analyzing exception-flows from two angles. First, from the angle of pruning
control-flows (both normal and exceptional), we derive a pushdown framework for
an object-oriented language with full-featured exceptions. Unlike traditional
analyses, it allows precise matching of throwers to catchers. Second, from the
angle of pruning points-to information, we generalize abstract garbage
collection to object-oriented programs and enhance it with liveness analysis.
We then seamlessly weave the techniques into enhanced reachability computation,
yielding highly precise exception-flow analysis, without becoming intractable,
even for large applications. We evaluate our pruned, pushdown exception-flow
analysis, comparing it with an established analysis on large scale standard
Java benchmarks. The results show that our analysis significantly improves
analysis precision over traditional analysis within a reasonable analysis time.Comment: 14th IEEE International Working Conference on Source Code Analysis
and Manipulatio
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates
under the premise that the logically centralized control plane has an accurate
representation of the actual data plane state. Unfortunately, bugs,
misconfigurations, faults or attacks can introduce inconsistencies that
undermine correct operation. Previous work in this area, however, lacks a
holistic methodology to tackle this problem and thus, addresses only certain
parts of the problem. Yet, the consistency of the overall system is only as
good as its least consistent part. Motivated by an analogy of network
consistency checking with program testing, we propose to add active probe-based
network state fuzzing to our consistency check repertoire. Hereby, our system,
PAZZ, combines production traffic with active probes to periodically test if
the actual forwarding path and decision elements (on the data plane) correspond
to the expected ones (on the control plane). Our insight is that active traffic
covers the inconsistency cases beyond the ones identified by passive traffic.
PAZZ prototype was built and evaluated on topologies of varying scale and
complexity. Our results show that PAZZ requires minimal network resources to
detect persistent data plane faults through fuzzing and localize them quickly
while outperforming baseline approaches.Comment: Added three extra relevant references, the arXiv later was accepted
in IEEE Transactions of Network and Service Management (TNSM), 2019 with the
title "Towards Consistent SDNs: A Case for Network State Fuzzing
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly
Finite Countermodel Based Verification for Program Transformation (A Case Study)
Both automatic program verification and program transformation are based on
program analysis. In the past decade a number of approaches using various
automatic general-purpose program transformation techniques (partial deduction,
specialization, supercompilation) for verification of unreachability properties
of computing systems were introduced and demonstrated. On the other hand, the
semantics based unfold-fold program transformation methods pose themselves
diverse kinds of reachability tasks and try to solve them, aiming at improving
the semantics tree of the program being transformed. That means some
general-purpose verification methods may be used for strengthening program
transformation techniques. This paper considers the question how finite
countermodels for safety verification method might be used in Turchin's
supercompilation method. We extract a number of supercompilation sub-algorithms
trying to solve reachability problems and demonstrate use of an external
countermodel finder for solving some of the problems.Comment: In Proceedings VPT 2015, arXiv:1512.0221
The Complexity of Model Checking Higher-Order Fixpoint Logic
Higher-Order Fixpoint Logic (HFL) is a hybrid of the simply typed
\lambda-calculus and the modal \lambda-calculus. This makes it a highly
expressive temporal logic that is capable of expressing various interesting
correctness properties of programs that are not expressible in the modal
\lambda-calculus.
This paper provides complexity results for its model checking problem. In
particular we consider those fragments of HFL built by using only types of
bounded order k and arity m. We establish k-fold exponential time completeness
for model checking each such fragment. For the upper bound we use fixpoint
elimination to obtain reachability games that are singly-exponential in the
size of the formula and k-fold exponential in the size of the underlying
transition system. These games can be solved in deterministic linear time. As a
simple consequence, we obtain an exponential time upper bound on the expression
complexity of each such fragment.
The lower bound is established by a reduction from the word problem for
alternating (k-1)-fold exponential space bounded Turing Machines. Since there
are fixed machines of that type whose word problems are already hard with
respect to k-fold exponential time, we obtain, as a corollary, k-fold
exponential time completeness for the data complexity of our fragments of HFL,
provided m exceeds 3. This also yields a hierarchy result in expressive power.Comment: 33 pages, 2 figures, to be published in Logical Methods in Computer
Scienc
- …